From 9bd7cfa4393ba307b9109115b6bf390c5264a857 Mon Sep 17 00:00:00 2001 From: Jimmy Gaussen Date: Wed, 3 Apr 2024 20:51:56 +0200 Subject: [PATCH 1/2] fix(core): overrideLogicalId validation --- packages/aws-cdk-lib/core/lib/cfn-element.ts | 21 +++++++- packages/aws-cdk-lib/core/test/stack.test.ts | 51 +++++++++++++++++--- 2 files changed, 64 insertions(+), 8 deletions(-) diff --git a/packages/aws-cdk-lib/core/lib/cfn-element.ts b/packages/aws-cdk-lib/core/lib/cfn-element.ts index 230ed20376662..3a43c9eb35156 100644 --- a/packages/aws-cdk-lib/core/lib/cfn-element.ts +++ b/packages/aws-cdk-lib/core/lib/cfn-element.ts @@ -81,14 +81,31 @@ export abstract class CfnElement extends Construct { /** * Overrides the auto-generated logical ID with a specific ID. * @param newLogicalId The new logical ID to use for this stack element. + * + * @throws an error if `logicalId` has already been locked + * @throws an error if `newLogicalId` is empty + * @throws an error if `newLogicalId` contains more than 255 characters + * @throws an error if `newLogicalId` contains non-alphanumeric characters + * + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resources-section-structure.html#resources-section-structure-logicalid */ public overrideLogicalId(newLogicalId: string) { if (this._logicalIdLocked) { throw new Error(`The logicalId for resource at path ${Node.of(this).path} has been locked and cannot be overridden\n` + 'Make sure you are calling "overrideLogicalId" before Stack.exportValue'); - } else { - this._logicalIdOverride = newLogicalId; } + + if (!newLogicalId) { + throw new Error('Cannot set an empty logical ID'); + } + if (newLogicalId.length > 255) { + throw new Error(`Invalid logical ID override: '${newLogicalId}'. It must be at most 255 characters long, got ${newLogicalId.length} characters.`); + } + if (!newLogicalId.match(/^[A-Za-z0-9]+$/)) { + throw new Error(`Invalid logical ID override: '${newLogicalId}'. It must only contain alphanumeric characters.`); + } + + this._logicalIdOverride = newLogicalId; } /** diff --git a/packages/aws-cdk-lib/core/test/stack.test.ts b/packages/aws-cdk-lib/core/test/stack.test.ts index 82be67b19499b..5ad32c2b6de38 100644 --- a/packages/aws-cdk-lib/core/test/stack.test.ts +++ b/packages/aws-cdk-lib/core/test/stack.test.ts @@ -1370,10 +1370,49 @@ describe('stack', () => { // THEN - producers are the same expect(() => { - resourceM.overrideLogicalId('OVERRIDE_LOGICAL_ID'); + resourceM.overrideLogicalId('OVERRIDELOGICALID'); }).toThrow(/The logicalId for resource at path Producer\/ResourceXXX has been locked and cannot be overridden/); }); + test('throw error if overrideLogicalId contains non-alphanumeric characters', () => { + // GIVEN: manual + const appM = new App(); + const producerM = new Stack(appM, 'Producer'); + const resourceM = new CfnResource(producerM, 'ResourceXXX', { type: 'AWS::Resource' }); + + // THEN - producers are the same + expect(() => { + resourceM.overrideLogicalId('INVALID_LOGICAL_ID'); + }).toThrow(/must only contain alphanumeric characters/); + }); + + test('throw error if overrideLogicalId is over 255 characters', () => { + // GIVEN: manual + const appM = new App(); + const producerM = new Stack(appM, 'Producer'); + const resourceM = new CfnResource(producerM, 'ResourceXXX', { type: 'AWS::Resource' }); + + // THEN - producers are the same + expect(() => { + resourceM.overrideLogicalId( + // 256 character long string of "aaaa..." + Array(256).fill('a').join(''), + ); + }).toThrow(/must be at most 255 characters long, got 256 characters/); + }); + + test('throw error if overrideLogicalId is an empty string', () => { + // GIVEN: manual + const appM = new App(); + const producerM = new Stack(appM, 'Producer'); + const resourceM = new CfnResource(producerM, 'ResourceXXX', { type: 'AWS::Resource' }); + + // THEN - producers are the same + expect(() => { + resourceM.overrideLogicalId(''); + }).toThrow('Cannot set an empty logical ID'); + }); + test('do not throw error if overrideLogicalId is used and logicalId is not locked', () => { // GIVEN: manual const appM = new App(); @@ -1381,26 +1420,26 @@ describe('stack', () => { const resourceM = new CfnResource(producerM, 'ResourceXXX', { type: 'AWS::Resource' }); // THEN - producers are the same - resourceM.overrideLogicalId('OVERRIDE_LOGICAL_ID'); + resourceM.overrideLogicalId('OVERRIDELOGICALID'); producerM.exportValue(resourceM.getAtt('Att')); const template = appM.synth().getStackByName(producerM.stackName).template; expect(template).toMatchObject({ Outputs: { - ExportsOutputFnGetAttOVERRIDELOGICALIDAtt2DD28019: { + ExportsOutputFnGetAttOVERRIDELOGICALIDAtt76AC816F: { Export: { - Name: 'Producer:ExportsOutputFnGetAttOVERRIDELOGICALIDAtt2DD28019', + Name: 'Producer:ExportsOutputFnGetAttOVERRIDELOGICALIDAtt76AC816F', }, Value: { 'Fn::GetAtt': [ - 'OVERRIDE_LOGICAL_ID', + 'OVERRIDELOGICALID', 'Att', ], }, }, }, Resources: { - OVERRIDE_LOGICAL_ID: { + OVERRIDELOGICALID: { Type: 'AWS::Resource', }, }, From e5dbaef45e1ecd58244f324ba22604d582d042e1 Mon Sep 17 00:00:00 2001 From: Jimmy Gaussen Date: Wed, 3 Apr 2024 21:04:36 +0200 Subject: [PATCH 2/2] fix: handle unresolved tokens --- packages/aws-cdk-lib/core/lib/cfn-element.ts | 18 ++++++----- packages/aws-cdk-lib/core/test/stack.test.ts | 33 ++++++++++++++++++++ 2 files changed, 43 insertions(+), 8 deletions(-) diff --git a/packages/aws-cdk-lib/core/lib/cfn-element.ts b/packages/aws-cdk-lib/core/lib/cfn-element.ts index 3a43c9eb35156..396a27b6f8d5d 100644 --- a/packages/aws-cdk-lib/core/lib/cfn-element.ts +++ b/packages/aws-cdk-lib/core/lib/cfn-element.ts @@ -95,14 +95,16 @@ export abstract class CfnElement extends Construct { 'Make sure you are calling "overrideLogicalId" before Stack.exportValue'); } - if (!newLogicalId) { - throw new Error('Cannot set an empty logical ID'); - } - if (newLogicalId.length > 255) { - throw new Error(`Invalid logical ID override: '${newLogicalId}'. It must be at most 255 characters long, got ${newLogicalId.length} characters.`); - } - if (!newLogicalId.match(/^[A-Za-z0-9]+$/)) { - throw new Error(`Invalid logical ID override: '${newLogicalId}'. It must only contain alphanumeric characters.`); + if (!Token.isUnresolved(newLogicalId)) { + if (!newLogicalId) { + throw new Error('Cannot set an empty logical ID'); + } + if (newLogicalId.length > 255) { + throw new Error(`Invalid logical ID override: '${newLogicalId}'. It must be at most 255 characters long, got ${newLogicalId.length} characters.`); + } + if (!newLogicalId.match(/^[A-Za-z0-9]+$/)) { + throw new Error(`Invalid logical ID override: '${newLogicalId}'. It must only contain alphanumeric characters.`); + } } this._logicalIdOverride = newLogicalId; diff --git a/packages/aws-cdk-lib/core/test/stack.test.ts b/packages/aws-cdk-lib/core/test/stack.test.ts index 5ad32c2b6de38..5aa4b5d44fa5f 100644 --- a/packages/aws-cdk-lib/core/test/stack.test.ts +++ b/packages/aws-cdk-lib/core/test/stack.test.ts @@ -1446,6 +1446,39 @@ describe('stack', () => { }); }); + test('do not throw if overrideLogicalId is unresolved', () => { + // GIVEN: manual + const appM = new App(); + const producerM = new Stack(appM, 'Producer'); + const resourceM = new CfnResource(producerM, 'ResourceXXX', { type: 'AWS::Resource' }); + + // THEN - producers are the same + resourceM.overrideLogicalId(Lazy.string({ produce: () => 'INVALID_LOGICAL_ID' })); + producerM.exportValue(resourceM.getAtt('Att')); + + const template = appM.synth().getStackByName(producerM.stackName).template; + expect(template).toMatchObject({ + Outputs: { + ExportsOutputFnGetAttINVALIDLOGICALIDAtt6CB9E5B9: { + Export: { + Name: 'Producer:ExportsOutputFnGetAttINVALIDLOGICALIDAtt6CB9E5B9', + }, + Value: { + 'Fn::GetAtt': [ + 'INVALID_LOGICAL_ID', + 'Att', + ], + }, + }, + }, + Resources: { + INVALID_LOGICAL_ID: { + Type: 'AWS::Resource', + }, + }, + }); + }); + test('automatic cross-stack references and manual exports look the same: nested stack edition', () => { // GIVEN: automatic const appA = new App();